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What is claimed is: 

1 l\ A method comprising: 

2 \ detecting that a guest operating system attempts to access a region 

3 occupied by a first portion of a virtual machine monitor (VMM) within a first 

4 address space; and 

5 relocating the first portion of the VMM within the first address space to 

6 allow the guest operating system to access the region previously occupied by 

7 the first portion of the VMM. 

1 2. The methoa\pf claim 1 wherein the first portion of the VMM includes a 

2 set of VMM code and data structures that are architecturally required to 

3 reside in the first address space. 



1 3. The method of claim 1 wherein the first portion of the VMM includes a 

2 set of trap handlers and aointerrupt-descriptor table (IDT). 



1 4. The method of claim lyurtfterp&rfTprising: 

2 dividing the VMM irtfoUhe IfWt portion and a second portion; 

3 creating the first addr|slspace associated with the guest operating 

4 system; 

5 creating a second address ^pace associated with the VMM; 
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'\ locating the second portion of the VMM in the second address space 
associated with the VMM; and 

mapping the first portion of the VMM into the first address space and 
the second address space. 

5. The method of claim 1 further comprising: 

receiving control over an event initiated by the guest operating system 
when the event may potentially cause an address space conflict between the 
guest operating system land the VMM. 

6. The method of clainvB wherein receiving control further comprises: 
setting access rights of the section occupied by the first portion of the 

VMM to a more privileged levelVhan a privilege level associated with the 
guest operating system; and \ 

receiving a trap caused by an attempt of the guest operating system to 
access a hardware resource having a higher privilege level than the privilege 
level associated with the guest operating 9ystem. 

7. The method of claim 6 further comprising: 

determining that the trap can be handled W the first portion of the 
VMM; \ 
executing code associated with the trap; and \ 
returning control over the event to the guest operating system. 
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8. \ The method of claim 6 further comprising: 

\ determining that the trap should be handled by the second portion of 
the VMU; 

delivering the trap to the second portion of the VMM; 
passing control over the event to the guest operating system after code 
associated with\he trap was executed by the second portion of the VMM. 

9. The method oKclaim 1 wherein relocating the first portion of the VMM 
further comprises: \ 

finding an unused \egion within the first address space; and 
re-mapping the first portion of the VMM into the unused region. 

10. The method of claim 1 whferein relocating the first portion of the VMM 
further comprises: \ 

determining that no unused region exists within the first address 
space; \ 

selecting a random region within tHe first address space; 

copying content of a memory located Vt the random region to the 
second address space; and \ 

re-mapping the first portion of the VMM Wo the random region. 

11. The method of claim 10 further comprising: \ 
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2 \ receiving control over an event initiated by the guest operating system, 

3 the euent corresponding to an attempt of the guest operating system to access 

4 the content of the memory previously located at the random region; and 

5 accessing the copied content of the memory in the second address 

6 space. 
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1 12. The method of claim 11 further comprising periodically relocating the 

2 first portion of theWMM to random regions within the first address space 

3 until finding a region that is infrequently accessed. 

1 13. An apparatus comprising: 

2 a first address space associated with a guest operating system; 

3 a second address spai^e associated with a virtual machine monitor 

4 (VMM); and 

5 a virtual machine kernel \o detect that the guest operating system 

6 attempts to access a region occupied by a first portion of the VMM within the 

7 first address space and to relocate the first portion of the VMM within the first 

8 address space to allow the guest operating system to access the region 

9 previously occupied by the first portion of the VMM. 



1 14. The apparatus of claim 13 wherein the first portion of the VMM 

2 includes a set of VMM code and data structures that are architecturally 

3 required to reside in the first address space. 
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16. The apparatus of claim 13 wherein the first portion of the VMM 
includes a set of trap handlers and an interrupt-descriptor table (IDT). 

16. The apparatus of claim 13 wherein the virtual machine kernel is to 
divide tAe VMM-ifito the first portion and the second portion, to locate the 
second portion of the VMM in the second address space associated with the 
VMM, and to map the first portion of the VMM into the first address space 
and the second address space. 

17. The apparatus onclaim 13 wherein the virtual machine kernel is to 
receive control over an evtent initiated by the guest operating system when the 
event may potentially cause\an address space conflict between the guest 
operating system and the VMM. 

18. The apparatus of claim 13 wherein the virtual machine kernel is to 
receive control by setting access righfte of the section occupied by the first 
portion of the VMM to a more privileged level than a privilege level 
associated with the guest operating system, and by receiving a trap caused by 
an attempt of the guest operating system toWcess a hardware resource 
having a higher privilege level than the privilege level associated with the 
guest operating system. \ 

19. The apparatus of claim 18 wherein the virtual machine kernel is to 
further determine that the trap can be handled by thevfirst portion of the 
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VMM, to execute code associated with the trap, and to return control over the 
event to the guest operating system. 

20. Th& apparatus of claim 18 wherein the virtual machine kernel is to 
further determine that the trap should to handled by the second portion of the 
VMM, to delivek the trap to the second portion of the VMM, and to pass 
control over the event to the guest operating system after code associated 
with the trap was executed by the second portion of the VMM. 

21. The apparatus of claim 13 wherein the virtual machine kernel is to 
relocate the first portion of tnfe VMM by finding an unused region within the 
first address space and re-mapping the first portion of the VMM into the 
unused region. \ 

22. The apparatus of claim 13 whereir\ the virtual machine kernel is to 
relocate the first portion of the VMM by determining that no unused region 
exists within the first address space, selecting si random region within the first 
address space, copying content of a memory located at the random region to 
the second address space, and re-mapping the first ^portion of the VMM into 
the random region. \ 

23. The apparatus of claim 13 wherein the virtual machine kernel is to 
receive control over an event initiated by the guest operating system, the 
event corresponding to an attempt of the guest operating system to access the 
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4 Content of the memory previously located at the random region, and to access 

5 the <sopied content of the memory in the second address space. 
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1 24. The apparatus of claim 13 wherein the virtual machine kernel is to 

2 periodically relocate the first portion of the VMM to random regions within 

3 the first address space until finding a region that is infrequently accessed. 
1 

1 25. A system comprising: 

2 a memory to include a first address space associated with a guest 

3 operating system and a second address space associated with a virtual 

4 machine monitor (VMM); ar 

5 a processor, coupled to "khe memory, to detect that the guest operating 

6 system attempts to access a region occupied by a first portion of the VMM 

7 within the first address space and relocate the first portion of the VMM 

8 within the first address space to allowVhe guest operating system to access 

9 the region previously occupied by the fust portion of the VMM. 



1 26. The system of claim 25 wherein the first portion of the VMM includes a 

2 set of VMM code and data structures that are architecturally required to 

3 reside in the first address space. 

1 27. The system of claim 25 wherein the first portion of the VMM includes a 

2 set of trap handlers and an interrupt-descriptor table \lDT). 
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2a. A computer readable medium that provides instructions, which when 
executed on a processor, cause said processor to perform operations 
comprising: 

Meeting that a guest operating system attempts to access a region 
occupied by a first portion of a virtual machine monitor (VMM) within a first 
address spa^e; and 

\ 

relocating the first portion of the VMM within the first address space to 

\ 

allow the guest operating system to access the region previously occupied by 
the first portion of the VMM. 

29. The computer readable medium of claim 28 comprising further 
instructions causing the processor to perform operations comprising: 

finding an unused region within the first address space; and 
re-mapping the first portion of the VMM into the unused region. 

30. The computer readable medium of claim 28 comprising further 
instructions causing the processor to perform operations comprising: 

determining that no unused regioAexists within the first address 

space; 

selecting a random region within the fifcst address space; 
copying content of a memory located at the random region to the 
second address space; and 

re-mapping the first portion of the VMM intoVthe random region. 
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